An Indian developer is playing around with an open source ransomware builder, which in the long run may end up causing serious problems for innocent users.

This developer, who goes by the nickname of Empinel and claims to be based in Mumbai, has forked the open source code of the EDA2 project, and with the help of another user, has removed the backdoor hidden in EDA2's original code.

His work started back in May 2016, when he tinkered with EDA2's source code and renamed the project to Stolich, modifying certain aspects of EDA2's encryption.

He received help in September 2016 when another "friendly" developer pushed a pull request to the Stolich repo that removed the EDA2 backdoor code.

This article sheds light on the current ecosystem of the Sathurbot backdoor trojan, in particular exposing its use of torrents as a delivery medium and its distributed brute-forcing of weak WordPress administrator accounts.

There is a preconceived idea that malvertising mostly affects the Windows platform. Certainly, when it comes to malicious adverts, Internet Explorer is a prime target for malware infections. However, malvertising can produce different outcomes adapted to the device the user is running.

Case in point, we discovered this scareware campaign that pushes a ‘free’ VPN app called My Mobile Secure to iOS users via rogue ads on popular Torrent sites. The page plays an ear-piercing beeping sound and claims your device is infected with viruses.

Cybercrime is big business, and is growing at an exponential rate. British insurer Lloyd’s of London estimated the cybercrime market at $400 Billion in 2015. Today, just two years later, the World Economic Forum estimates that the total economic cost of cybercrime to currently be $3 trillion. And Cybersecurity Ventures is predicting that cybercrime will cost the world in excess of $6 trillion annually by 2021.

One of the forces behind this explosive growth of cybercrime is that illegal business can be safely conducted deep in a part of the Internet that most people have never seen, and have no idea how to access. The “darknet” lies beyond normal web browsers, is protected by layers of anonymity, and has become a haven for criminal commerce.

The common conception of cyber attacks is kind of like bad weather: ranging from irritating to catastrophic, but always unpredictable. Hackers are simply too sophisticated to draw any reliable judgments on and we shouldn’t try. As it turns out, some hackers are fairly predictable in their successful use of really dumb attacks. Here’s a few.

WikiLeaks has published what it says is another batch of secret hacking manuals belonging to the US Central Intelligence Agency as part of its Vault7 series of leaks. The site is billing Vault7 as the largest publication of intelligence documents ever.

Friday's installment includes 27 documents related to "Grasshopper," the codename for a set of software tools used to build customized malware for Windows-based computers. The Grasshopper framework provides building blocks that can be combined in unique ways to suit the requirements of a given surveillance or intelligence operation. The documents are likely to be of interest to potential CIA targets looking for signatures and other signs indicating their Windows systems were hacked. The leak will also prove useful to competing malware developers who want to learn new techniques and best practices.

The Shadow Brokers (TSB) are back, and they've released the password for the rest of the hacking tools they claim to have stolen from the NSA last year.

TSB is a mysterious group that appeared in the summer of 2016 when they dumped on GitHub and other sites a trove of files they claim to have stolen from the Equation Group, a codename given to a cyber-espionage group many cyber-security experts believe to be the NSA.

t McAfee, we have put significant efforts in hunting attacks such as advanced persistent threats and “zero days.” Yesterday, we observed suspicious activities from some samples. After quick but in-depth research, this morning we have confirmed these samples are exploiting a vulnerability in Microsoft Windows and Office that is not yet patched.

This blog post serves as a heads-up for our customers and all Office users to protect against this zero-day attack.

The samples we have detected are organized as Word files (more specially, RTF files with “.doc” extension name). The exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10. The earliest attack we have seen dates to late January.